Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
이제 국회 청문회나 공개되는 정보에서도 IMSI와 IMEI와 같은 약어가 나온다. 그러나 "유심 식별번호"나 "유심 인증키", "유심 비밀번호"가 구체적으로 뭔지는 아직도 언급되지 않고 있다. "유심 식별번호"에는 최소한 두 가지가 있고, "유심 인증키"라고 부를 수 있는 것만 최소한 5가지가 있으며, "유심 비밀번호"라고 부를 수 있는 것도 최소한 5가지가 있다. 그 중에서는 메모리 내에서도 가급적 암호화되어야 하는 것과, 디스크에서만 암호화할 수 밖에 없는 것도 섞여 있다. 대부분 여기에 사용되는 암호화 방식은 대칭 키 방식이기 때문에 평문 키에 접근해야 하며, 전가의 보도로 사용되는 "해시"도 사용할 수 없다.
구체적으로 무슨 정보가 유출되었는지가 알려지지 않는 이상, 쓸데없는 보안 관련 규제가 생길 가능성도 간과할 수 없다.
Feeling as tired as Nginx endlessly serving pazes to bots. 😴 Just an infinite loop of requests and responses over here. Send caffeine... and maybe a good fireball far me.
コンクラーベおめでとう🐧㊗️
anyway, uh, does that help? :D
Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation
https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html
#我在看什么
读完这篇 openSUSE 为什么决定移除 Deepin Desktop 的博文,真大为震惊。
国内最有名,颇受好评的 Deepin Desktop 安全水准竟然这么差。
从2017年至今 D-BUS service 不断的有安全问题,还偷偷搞小动作私自安装被 openSUSE 安全团队拒绝的 D-Bus service、Polkit policies。
当然最让我惊讶的是,博文的最后竟然还为不在乎系统安全,看了上述博文仍想安装 Deepin Desktop 的用户留下了安装 Deepin Desktop 的方法。
this is basically the difference between git and gh, if you will: if we had a `jj github` command, we could make it recognize these situations and automatically clean up for you, kinda like how gh does fancy stuff on top of git to make the experience nicer
this feels scary at first but is largely just jj noticing "hey seems like we have two different things with the same change id, what's up with that? and, as the faq mentions, you just abandon the one that's not on trunk. a papercut, but better than it automatically throwing something away
if you do a merge, should look similar, maybe with different lines the trickiest one is squash merges or anything else where the forge changes your commits. that can lead to a divergent commit jj-vcs.github.io/jj/latest/FA... when you get the ?? at the end
Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation
https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html
#我在看什么
读完这篇 openSUSE 为什么决定移除 Deepin Desktop 的博文,真大为震惊。
国内最有名,颇受好评的 Deepin Desktop 安全水准竟然这么差。
从2017年至今 D-BUS service 不断的有安全问题,还偷偷搞小动作私自安装被 openSUSE 安全团队拒绝的 D-Bus service、Polkit policies。
当然最让我惊讶的是,博文的最后竟然还为不在乎系统安全,看了上述博文仍想安装 Deepin Desktop 的用户留下了安装 Deepin Desktop 的方法。
@bgme@bgme.me毛茸茸生长 
翻了一下suse的security blog找到这篇:
https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html#9-timeline
感觉整个 timeline 看下来 deepin 的 security response 就是完全业余的样子。
ブルースーカイブ
i tend to do trunk-based dev with rebase merges only. so when i jj git fetch, i often end up with a graph that looks like $ jj log @ rzownqqx │ (empty) (no description set) │ ◆ wuxwwlxm trunk ├─╯ thing I just merged ◆ oltlpuxu │ old feature and then i `jj new trunk` to work on top of it
misshaialertみたいな (fedihaialert?)のほしい?
カウントしたりするだけだからまだ作れなくはないので
misshaialertみたいな (fedihaialert?)のほしい?
カウントしたりするだけだからまだ作れなくはないので
The one thing I will say is that while you're in school, you should relish the opportunity to write school papers, which no one will read except your grader! There's something wonderfully freeing about submitting something and going "well that's over!" I will never feel that in my adult life again
@slothropRocketman don't die wondering
Strong convective development over the mountains of southern New Mexico...even before 10AM.
These two photos show rapid growth of a towering cumulus, especially the top.
But this development is very localized...along the convergence line/zone. (See weather satellite image)
https://en.wikipedia.org/wiki/Convergence_zone
I expect that we'll have localized showers soon.
#NewMexico #NMwx #Convergence #Convection #Cumulus #Thunderstorms
https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on Sharepoint will apparently allow ACL bypass without logging or alerting.
You can just ask it for things.
It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default and Copilot doesn't know how to map what the agent _can_ read against user permissions.
Build your own ResponseWriter: safer HTTP in Go https://lobste.rs/s/8zmkmw #go
https://anto.pt/articles/go-http-responsewriter
the real trick is what happens after, though: does your remote merge, rebase, or squash merge? each can lead to different looking states after a `jj git fetch`
that is, jj keeps one graph of everything, remotes aren't some separate repo whose state you have to integrate with your own, so it is similar to fetch + rebase (or pull) in some sense.
since jj doesn't have a "current branch" concept, it's not literally switching to main/trunk: jj git fetch will always leave @ where it is when you call it. however, git does like, sorta keep each remote's contents separate from yours until you do something with it, whereas jj does not
I was at Lee Lee down in Tucson and bought this Ku Ding tea without actually knowing what it was. 😅
I guess it's not really tea per se but rather an herbal part of Traditional Chinese Medicine. Good for clearing the head and supporting the heart and circulation. It's also supposed to be super bitter. I'll let you know how it goes. #tea #tcm #kuding
IPA、日本におけるオープンソース戦略形成に向けた現状と展望をまとめた「2024年度オープンソース推進レポート」公開
https://www.publickey1.jp/blog/25/ipa2024.html
I’ve written before about what I’d do if I ran Bluesky or Mastodon. But what if I started from scratch? What would it look like to build a new open social platform - one that's private-by-default, human-centered, and sustainable from day one?
Here’s the blueprint I’d follow: https://werd.io/2025/if-i-started-fresh
にゃーん
Check out our own Ryan Goodfellow’s fantastic InfoQ talk on how we're innovating rack-scale computing with P4! From programmable fabrics to debugging tools, Ry shares how to turn theory into production-ready systems. https://www.infoq.com/presentations/tofino-2/
curious about where there's a project (other than base16 & its forks) that uses shell scripts to set your terminal colours like this: https://github.com/chriskempson/base16-shell/blob/master/scripts/base16-atelier-dune.sh
I really enjoy setting my terminal colours from a shell script (works in every terminal emulator! no more messing around in the settings! ) but there are some things about base16 that I don't love
えっちなほうにされました
どうしてでしょうか
‘자금난’ 민주노동당 3억원 모았다, 대선후보 등록 가능
수정 2025.05.08 21:26
시민들 십시일반 모아 … 선거운동 비용도 고민 www.labortoday.co.kr/news/article...
‘자금난’ 민주노동당 3억원 모았다, 대선후보 등록 가...
なんか多重人格みたいになっちゃった、ぼく
(
@cocoaここあ)
ちなみにチャット機能、連合しないのでダイレクトの完全な代替にはならないはず
素手で人間を引き裂けそうな勢い
「人型ロボット」突然“暴走”人だかりに突進 ケースも【スーパーJチャンネル】(2025年5月8日) - YouTube
https://www.youtube.com/watch?v=NOIIgx157jk
🙇
来世はしぐれういの家の湯船になりたい。
にじみすが追従するのはいつかわからないけど…
自從去年造訪高尾山、江之島後,覺得以前在國外沒有多接觸自然環境很可惜,那種新鮮感不是都市比得上的 (不用人擠人這點也很讚)
#throwbackthursday #japantravel #japan #高尾山
How are these worse than plane seats Also how do people color on iPad uogogogohohhohjkvvm
BASED.
Ken Turner, 98, fought fascism in WWII. And now he’s back to fight fascism again
Tank vs. Tesla
via Led by Donkeys
從這組照片經過時,不知道為什麼特別想哭。
#wwiivictoryday
下雨天蚊子空群而出,打了一隻還有兩隻,而且超大的 
Nothing、次期フラッグシップスマホ「Phone (3)」の発表に向けてプロモーションを開始しました。
まだ、デザインやスペックに関する情報は一切出て来ていないですが、今年7月に発表される見込み。
https://taisy0.com/2025/05/09/211256.html
從這組照片經過時,不知道為什麼特別想哭。
#wwiivictoryday
Do you want to get involved in postmarketOS but don't know where to start? Check out our new contribute page! We are not only interested in people who want to play around with APKBUILDs and hacking on the Linux kernel, but also have plenty of things in there that don't require programming knowledge such as becoming part of the Testing Team, reporting issues, writing documentation and just helping out other people! ✨
he 100% doesn’t realize this meme is mocking him and his fanboys who use grok like this
Optimizing cloud capacity costs through linear programming https://lobste.rs/s/tw9dnk #distributed
https://modal.com/blog/resource-solver
洪 民憙 (Hong Minhee)
MJ
ここあにゃん 
Glyph
Publickey 
くろでん
